PoliceOne: A hacker is currently selling hundreds of thousands of police and federal employee accounts coming from a hacked police forum.
The database is said to have been stolen 2015, και περιέχει 715.000 λογαριασμούς μελών του PoliceOne.com, μια ιστοσελίδα ειδήσεων με forum για αστυνομικούς και επαγγελματίες επιβολής του νόμου.
According to a post posted on a Dark Web marketplace, the stolen sym data includes usernames, passwords access encrypted with MD5 (an algorithm that these days is easy to crack), email addresses, dates of birth, and other forum data, such as whether a member is a verified police officer.
Please note that many of the forums are private and can only be accessed by members, or in some cases only verified police officers who have submitted their badge number or other information recognitions. The latest data to help verify the officers does not appear to be in the leaked database.
Data is sold for $ 400, according to the publication. The data vendor, which uses the Berkut alias, also offers samples to verify the data.
Berkut reported to ZDNet that the SQL database was stolen by using a known exploit for the forum software, vBulletin. Let's say that until today, the software they use in the forum has not been upgraded by 2014, which makes it extremely vulnerable to attacks.
At the moment the forum is offline and one millionfaceof PoliceOne reported contradictory things:
"We have confirmed the credibility of an alleged breach of the PoliceOne forum in which hackers were able to obtain usernames, emails and hashed passwords for some of our members."
"Although we have not yet verified the allegation, we are taking immediate steps to secure our user accounts and forum, which is offline, while we are investigating to gather more information."